Use Azure Active Directory with Spring Security 5.0 for OAuth 2.0

We are excited to announce that Spring Starter for Azure Active Directory (AD) is now integrated with Spring Security 5.0. It offers you an easy way to build an OAuth 2.0 authentication and authorization flow for your Java apps in the cloud, supporting both the implicit and authorization code grant types. With only a few lines of configuration, you can build apps that authenticate users with Azure Active Directory OAuth 2.0 and manage authorization with Azure Active Directory groups.

Get started

To start, open the Azure portal and register a new application in Azure Active Directory (AD). Next, grant permissions to the newly created application. Use Azure AD groups and their members to set up the access rules. Add the Spring Security Azure AD library to your project. Depending on the kind of application that you’re building, choose one of the following two authentication types to build the OAuth 2.0 authentication and authorization flow. Learn more about Spring Starter for Azure Active Directory on GitHub.

Back-end authentication

Once the Spring Security Azure AD library is added to the project, it automatically maps Azure AD groups to Spring Security authorization logic. This allows developers to build the OAuth 2.0 flow in the back end. To enable it, you only need to add the following configuration to specify the usage of the OAuth2 User Service. Then you can use the annotation @PreAuthorize("hasRole('GROUP_NAME')") for role-based authorization. To learn more, please review our example on GitHub.

Front-end authentication

For a Single Page Application (SPA) scenario, use the Azure AD library for JavaScript to handle Azure AD authentication in the front end, and autowire the AADAuthenticationFilter in your Spring Boot project. Then you can use the annotation @PreAuthorize("hasRole('GROUP_NAME')") for role-based authorization. Learn more by reviewing the Azure Active Directory Spring Boot sample.